New function X509_CTX_rget_chain(), make SSL_SESSION_print() display return code.

[openssl.git] / apps / pkcs12.c

diff --git a/apps/pkcs12.c b/apps/pkcs12.c
index f6b444b5f6ac8fc02a880d77f22d24d25e2949e0..a48f8c2d8b1acebef0dd67a0c78e3045e5cdd6d3 100644 (file)
--- a/apps/pkcs12.c
+++ b/apps/pkcs12.c
@@ -79,7 +79,6 @@ EVP_CIPHER *enc;
 #define CACERTS                0x10
 
 int get_cert_chain(X509 *cert, STACK_OF(X509) **chain);
-int dump_cert_text (BIO *out, X509 *x);
 int dump_certs_keys_p12(BIO *out, PKCS12 *p12, char *pass, int passlen, int options);
 int dump_certs_pkeys_bags(BIO *out, STACK *bags, char *pass, int passlen, int options);
 int dump_certs_pkeys_bag(BIO *out, PKCS12_SAFEBAG *bags, char *pass, int passlen, int options);
@@ -101,10 +100,11 @@ int MAIN(int argc, char **argv)
     int chain = 0;
     int badarg = 0;
     int iter = PKCS12_DEFAULT_ITER;
-    int maciter = 1;
+    int maciter = PKCS12_DEFAULT_ITER;
     int twopass = 0;
     int keytype = 0;
     int cert_pbe = NID_pbe_WithSHA1And40BitRC2_CBC;
+    int key_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
     int ret = 1;
     int macver = 1;
     int noprompt = 0;
@@ -143,8 +143,30 @@ int MAIN(int argc, char **argv)
                else if (!strcmp (*args, "-noiter")) iter = 1;
                else if (!strcmp (*args, "-maciter"))
                                         maciter = PKCS12_DEFAULT_ITER;
+               else if (!strcmp (*args, "-nomaciter"))
+                                        maciter = 1;
                else if (!strcmp (*args, "-nodes")) enc=NULL;
-               else if (!strcmp (*args, "-inkey")) {
+               else if (!strcmp (*args, "-certpbe")) {
+                       if (args[1]) {
+                               args++;
+                               cert_pbe=OBJ_txt2nid(*args);
+                               if(cert_pbe == NID_undef) {
+                                       BIO_printf(bio_err,
+                                                "Unknown PBE algorithm %s\n", *args);
+                                       badarg = 1;
+                               }
+                       } else badarg = 1;
+               } else if (!strcmp (*args, "-keypbe")) {
+                       if (args[1]) {
+                               args++;
+                               key_pbe=OBJ_txt2nid(*args);
+                               if(key_pbe == NID_undef) {
+                                       BIO_printf(bio_err,
+                                                "Unknown PBE algorithm %s\n", *args);
+                                       badarg = 1;
+                               }
+                       } else badarg = 1;
+               } else if (!strcmp (*args, "-inkey")) {
                    if (args[1]) {
                        args++; 
                        keyname = *args;
@@ -225,6 +247,8 @@ int MAIN(int argc, char **argv)
        BIO_printf (bio_err, "-maciter      use MAC iteration\n");
        BIO_printf (bio_err, "-twopass      separate MAC, encryption passwords\n");
        BIO_printf (bio_err, "-descert      encrypt PKCS#12 certificates with triple DES (default RC2-40)\n");
+       BIO_printf (bio_err, "-certpbe alg  specify certificate PBE algorithm (default RC2-40)\n");
+       BIO_printf (bio_err, "-keypbe alg   specify private key PBE algorithm (default 3DES)\n");
        BIO_printf (bio_err, "-keyex        set MS key exchange type\n");
        BIO_printf (bio_err, "-keysig       set MS key signature type\n");
        BIO_printf (bio_err, "-password p   set import/export password (NOT RECOMMENDED)\n");
@@ -288,13 +312,14 @@ int MAIN(int argc, char **argv)
        PKCS8_PRIV_KEY_INFO *p8;
        PKCS7 *authsafe;
        X509 *ucert = NULL;
-       STACK_OF(X509) *certs;
+       STACK_OF(X509) *certs=NULL;
        char *catmp;
        int i;
        unsigned char keyid[EVP_MAX_MD_SIZE];
        unsigned int keyidlen = 0;
        key = PEM_read_bio_PrivateKey(inkey ? inkey : in, NULL, NULL, NULL);
        if (!inkey) (void) BIO_reset(in);
+       else BIO_free(inkey);
        if (!key) {
                BIO_printf (bio_err, "Error loading private key\n");
                ERR_print_errors(bio_err);
@@ -365,7 +390,7 @@ int MAIN(int argc, char **argv)
                                PKCS12_add_friendlyname(bag, catmp, -1);
                sk_push(bags, (char *)bag);
        }
-
+       sk_X509_pop_free(certs, X509_free);
        if (canames) sk_free(canames);
 
        if(!noprompt &&
@@ -391,8 +416,7 @@ int MAIN(int argc, char **argv)
        p8 = EVP_PKEY2PKCS8 (key);
        EVP_PKEY_free(key);
        if(keytype) PKCS8_add_keyusage(p8, keytype);
-       bag = PKCS12_MAKE_SHKEYBAG(NID_pbe_WithSHA1And3_Key_TripleDES_CBC,
-                       cpass, -1, NULL, 0, iter, p8);
+       bag = PKCS12_MAKE_SHKEYBAG(key_pbe, cpass, -1, NULL, 0, iter, p8);
        PKCS8_PRIV_KEY_INFO_free(p8);
         if (name) PKCS12_add_friendlyname (bag, name, -1);
        PKCS12_add_localkeyid (bag, keyid, keyidlen);
@@ -453,20 +477,6 @@ int MAIN(int argc, char **argv)
     EXIT(ret);
 }
 
-int dump_cert_text (BIO *out, X509 *x)
-{
-       char buf[256];
-       X509_NAME_oneline(X509_get_subject_name(x),buf,256);
-       BIO_puts(out,"subject=");
-       BIO_puts(out,buf);
-
-       X509_NAME_oneline(X509_get_issuer_name(x),buf,256);
-       BIO_puts(out,"\nissuer= ");
-       BIO_puts(out,buf);
-       BIO_puts(out,"\n");
-        return 0;
-}
-
 int dump_certs_keys_p12 (BIO *out, PKCS12 *p12, char *pass,
             int passlen, int options)
 {
@@ -597,11 +607,7 @@ int get_cert_chain (X509 *cert, STACK_OF(X509) **chain)
                i = X509_STORE_CTX_get_error (&store_ctx);
                goto err;
        }
-       chn =  sk_X509_dup(X509_STORE_CTX_get_chain (&store_ctx));
-       for (i = 0; i < sk_X509_num(chn); i++) {
-               x = sk_X509_value(chn, i);
-               CRYPTO_add(&x->references,1,CRYPTO_LOCK_X509);
-       }
+       chn =  X509_STORE_CTX_rget_chain(&store_ctx);
        i = 0;
        *chain = chn;
 err: